POST /oauth2/userinfo

The result is either a JSON Object or a JSON Web Token, depending on whether the client registered a
signing algorithm in its userinfo_signed_response_alg field, as per the
Open ID Connect specification.

Authorization is via an OAuth access token passed as a Bearer token in the Authorization header.